Microsoft has introduced a new security technology, Kernel Data Protection (KDP), to tackle data-corruption attacks. According to Microsoft, attackers have been shifting their focus toward data corruption after being confronted with mitigations that make code-corruption and control-flow attacks much harder, such as Code Integrity (CI) and Control Flow Guard (CFG). Rather than injecting or redirecting code, these attacks overwrite data: they target system security policy, escalate privileges, tamper with security attestation, and modify kernel data structures, among other damage.
According to Microsoft, KDP prevents such attacks by protecting parts of the Windows kernel and drivers through virtualization-based security (VBS). VBS uses the hypervisor to isolate a secure region of memory from the normal kernel, so the security features hosted there keep working even when a vulnerability in the operating system itself is exploited. KDP is a set of Application Programming Interfaces (APIs) that let a driver or kernel component mark some of its memory as read-only once it has been initialized; because the protection is enforced by the hypervisor rather than by the kernel's own page tables, an attacker with a kernel write primitive cannot modify the protected memory.
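To make the "seal it read-only after initialization" idea concrete, here is an added user-mode analogue in C. It is not Microsoft's KDP code (KDP is a kernel-mode API and cannot be exercised from a normal process); the `struct policy` and its fields are hypothetical. The example places the policy in its own page, seals it with POSIX `mprotect`, shows that a single exploit-style write then faults, and finally shows the weakness KDP exists to close: code at the same privilege level can simply lift the protection and write anyway. KDP differs precisely here, since the hypervisor owns the read-only mapping through second-level address translation, so kernel-mode code, including a compromised driver, cannot undo it.

```c
/* Added example: user-mode analogue of write-protecting policy data.
 * Not KDP itself; struct policy and its fields are hypothetical. */
#define _DEFAULT_SOURCE 1
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical security policy a kernel component might want to protect. */
struct policy {
    int enforce_signatures;   /* 1 = reject unsigned images */
    int allow_debug;          /* 1 = debugger attach permitted */
    unsigned int min_level;   /* minimum integrity level */
};

static sigjmp_buf fault_env;

static void on_segv(int sig) {
    (void)sig;
    siglongjmp(fault_env, 1);   /* unwind out of the faulting store */
}

/* Place the policy in its own page so the protection boundary covers
 * only this data. Returns NULL on failure. */
struct policy *policy_alloc(void) {
    long pg = sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, (size_t)pg, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    memset(p, 0, (size_t)pg);
    return (struct policy *)p;
}

/* Finish initialization and seal: afterwards no ordinary store succeeds.
 * Returns 1 on success, 0 on failure. */
int policy_seal(struct policy *pol) {
    long pg = sysconf(_SC_PAGESIZE);
    return mprotect(pol, (size_t)pg, PROT_READ) == 0;
}

/* Attempt the kind of single write a data-corruption exploit performs
 * (turn signature enforcement off). Returns 1 if the write was blocked
 * by a fault, 0 if it went through. */
int try_tamper(struct policy *pol) {
    struct sigaction sa, old;
    volatile int blocked = 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(fault_env, 1) == 0) {
        ((volatile struct policy *)pol)->enforce_signatures = 0;
    } else {
        blocked = 1;            /* reached only via siglongjmp from on_segv */
    }
    sigaction(SIGSEGV, &old, NULL);
    return blocked;
}

/* The gap in a same-privilege-level scheme: whoever can run code at this
 * level can lift the protection and write. Returns 1 if the bypass worked. */
int bypass_and_tamper(struct policy *pol) {
    long pg = sysconf(_SC_PAGESIZE);
    if (mprotect(pol, (size_t)pg, PROT_READ | PROT_WRITE) != 0) return 0;
    pol->enforce_signatures = 0;
    return pol->enforce_signatures == 0;
}

int main(void) {
    struct policy *pol = policy_alloc();
    if (!pol) return 1;
    pol->enforce_signatures = 1;
    pol->allow_debug = 0;
    pol->min_level = 3;
    if (!policy_seal(pol)) return 1;
    printf("write blocked after seal:    %d\n", try_tamper(pol));
    printf("policy still intact:         %d\n", pol->enforce_signatures);
    printf("same-level bypass succeeded: %d\n", bypass_and_tamper(pol));
    return 0;
}
```

The first two results are what KDP gives a driver: a stray or malicious store faults immediately and the policy survives. The third result is what KDP takes away from the attacker: under KDP the equivalent of `mprotect(..., PROT_WRITE)` does not exist for the kernel, because the mapping is owned by the hypervisor, not by the code that is being attacked.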
In a blog post, the Microsoft security team writes that protecting kernel memory as read-only has valuable applications for the Windows kernel, inbox components, security products, and even third-party drivers such as anti-cheat and digital rights management (DRM) software, because it ensures that policy data structures cannot be tampered with.
Kernel Data Protection also improves performance by lessening the burden on attestation components, which no longer need to periodically re-verify data that has been write-protected. It makes memory-corruption bugs easier to diagnose, because an unintended write to protected data now faults at the point where it happens instead of silently corrupting state, even when the bug is not a security vulnerability. It also gives driver developers and vendors an incentive to improve compatibility with virtualization-based security, which should boost adoption of these technologies across the ecosystem and would be particularly helpful for users in the most data-sensitive industries.